| -rw-r--r-- | assets/js/handlers.js | 2 | ||||
| -rw-r--r-- | src/invidious/routes/account.cr | 14 | ||||
| -rw-r--r-- | src/invidious/views/user/token_manager.ecr | 2 |
3 files changed, 5 insertions, 13 deletions
diff --git a/assets/js/handlers.js b/assets/js/handlers.js
index a3199fa7..67cd9081 100644
--- a/assets/js/handlers.js
+++ b/assets/js/handlers.js
@@ -91,7 +91,7 @@
 var count = document.getElementById('count');
 count.textContent--;
- var url = '/token_ajax?action_revoke_token=1&redirect=false' +
+ var url = '/token_ajax?action=revoke_token&redirect=false' +
 '&referer=' + encodeURIComponent(location.href) +
 '&session=' + target.getAttribute('data-session');
diff --git a/src/invidious/routes/account.cr b/src/invidious/routes/account.cr
index dd65e7a6..c8db207c 100644
--- a/src/invidious/routes/account.cr
+++ b/src/invidious/routes/account.cr
@@ -328,17 +328,9 @@ module Invidious::Routes::Account
 end
 end
- if env.params.query["action_revoke_token"]?
- action = "action_revoke_token"
- else
- return env.redirect referer
- end
-
- session = env.params.query["session"]?
- session ||= ""
-
- case action
- when .starts_with? "action_revoke_token"
+ case action = env.params.query["action"]?
+ when "revoke_token"
+ session = env.params.query["session"]
 Invidious::Database::SessionIDs.delete(sid: session, email: user.email)
 else
 return error_json(400, "Unsupported action #{action}")
diff --git a/src/invidious/views/user/token_manager.ecr b/src/invidious/views/user/token_manager.ecr
index a73fa048..8431deb0 100644
--- a/src/invidious/views/user/token_manager.ecr
+++ b/src/invidious/views/user/token_manager.ecr
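Review bot: The `session` value on the last line of the handlers.js hunk is concatenated into the URL without encoding, while `referer` one line above goes through `encodeURIComponent`. If a session identifier can ever contain `&`, `+`, `=` or `#`, the server would receive a different value than the one shown in the row; `'&session=' + encodeURIComponent(target.getAttribute('data-session'));` removes that dependency on the token alphabet. The same value is written raw into the form `action` in token_manager.ecr (`session=<%= token[:session] %>`), where the neighbouring `csrf_token` field is passed through `HTML.escape`; URL-encoding and escaping it there would make the template consistent. The enclosing function in handlers.js starts and ends outside the hunk.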
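Review bot: In the new `when "revoke_token"` branch of account.cr, `env.params.query["session"]` uses the raising accessor, so a request that omits `session` now raises a KeyError where the removed code fell back to an empty string. Unless a surrounding handler maps that exception to a client error, the caller presumably gets a 500 rather than a 400. Reading it as `session = env.params.query["session"]?` followed by `return error_json(400, "Missing session") if session.nil?` keeps malformed requests in the 4xx range alongside the existing "Unsupported action" reply. The delete stays scoped by `email: user.email`, which is what stops one account from revoking another account's session, and a one-line comment saying so above the `SessionIDs.delete` call would protect that from a later refactor. The route method starts and ends outside the hunk.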
@@ -29,7 +29,7 @@
 </div>
 <div class="pure-u-1-5" style="text-align:right">
 <h3 style="padding-right:0.5em">
- <form data-onsubmit="return_false" action="/token_ajax?action_revoke_token=1&session=<%= token[:session] %>&referer=<%= env.get("current_page") %>" method="post">
+ <form data-onsubmit="return_false" action="/token_ajax?action=revoke_token&session=<%= token[:session] %>&referer=<%= env.get("current_page") %>" method="post">
 <input type="hidden" name="csrf_token" value="<%= HTML.escape(env.get?("csrf_token").try &.as(String) || "") %>">
 <input style="all:unset" type="submit" data-onclick="revoke_token" data-session="<%= token[:session] %>" value="<%= translate(locale, "revoke") %>">
 </form> |
